Documente Academic
Documente Profesional
Documente Cultură
https://www.owasp.org/index.php/OWASP_Day_KL_2011
Agenda
Objective of The Day Identified The Risks Who should be involved Where To Starts What To Audit When To Audit How To Do It
Objective
In Depth Defense
Risk
To Err Is Human
Risks
Not a latest Patches Forget my password Allow all, Deny None Install everything Share anything Phishing No backup
Be alert
http://www.mycert.org.my/en/ http://www.securityfocus.com/ http://packetstormsecurity.org/ http://gcert.mampu.gov.my/ http://www.cert.org/certcc.html Internet Storm Center http://isc.sans.edu/ Patches Priority One http://www.sans.org/top-cyber-security-risks/
Lab One
http://www.kb.cert.org/vuls/
Forget My Password
We will use easy password Password must = Senang nak ingat, susah nak teka. Don't leak the hash Generate MD5 hash
http://md5crack.com/crackmd5.php http://isc.sans.edu/tools/reversehash.html
Crack MD5
Lab Two
Crack this
password abc123 haris Your own name Birthday date in numbers Birthday date in any format
Any ports outbound open Not proxy between LAN and Internet Used by BOT to attack and comm with BOSS
Lab Three
Telnet
Telnet in CMD and Shell Port 80 GET /index.htm HTTP/1.1 and enter twice Port 25 helo and quit
http://www.yougetsignal.com/tools/open-ports/ http://canyouseeme.org/
Install Everything
Share Everything
Lab Four
Phishing
Email Phone
Lab Five
http://www.phishtank.com/
You will never know, you are the target. Defacement Archive
http://www.zone-h.org/archive
Break
Jom Minum
Who
?
- The Management - ICT - Me Everybody need to be involved
Lab Six
http://www.cisecurity.org/
Where To Start
LAN
Review firewall and proxy log SMTP activities IRC bot activities HTTP and HTTPS requests Minitor network traffic
Lab Seven
When To Do It
Contact
linuxmalaysia@gmail.com http://green-osstools.blogspot.com/